Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
progress sitefinity vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Progress Sitefinity 9.1
6.1
CVSSv3
CVE-2017-18178
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
Progress Sitefinity 9.1
8.8
CVSSv3
CVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Progress Sitefinity 9.1
6.1
CVSSv3
CVE-2018-17053
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
6.1
CVSSv3
CVE-2017-18639
Progress Sitefinity CMS prior to 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImag...
Progress Sitefinity Cms
6.1
CVSSv3
CVE-2018-17054
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
6.1
CVSSv3
CVE-2018-17056
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Progress Sitefinity Cms
9.8
CVSSv3
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity prior to 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote malicious users to defeat cryptographic pro...
Telerik Sitefinity Cms
Telerik Ui For Asp.net Ajax
1 EDB exploit
17 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2